It’s a good lesson for those learning the ropes on how to store and send passwords in the web context.
CNBC just learnt a lesson the hard way regarding computer security.
The news giant posted, and was quick to take down, an article on password security titled “how strong is your password?” It had had a text entry box, which if anything, was a classic example of how not to manage your all- important login credentials.
Adrienne Porter from Google, twitted that the text entry box, in which you placed the password for testing its strength, not only sent the password in clear text, which essentially guarantees anyone sniffing around to intercept your password and use it against you real account, but also that the site actually sends the password to a Google Docs spreadsheet. If that wasn’t enough it sent the password to multiple third parties.
What is not clear is what did CNBC mean when it said “no passwords are being stored,”?
If only the tool had kept the inputs of the text field airtight, its purpose would have been sufficiently served. The purpose would not have been fully served because the tool lulls you into a false sense of security and clearly underestimates how long it would take to crack passwords.
In all fairness, CNBC is now fully aware of what happened and is most probably improving the inner workings of its tool.
The real lesson to be learnt is the old adage – practice what you preach.